Fraudulent domain registrations since Thomas Cook bankruptcy


    - by Stuart Fuller -

    It is now a necessity that any ambitious organisation will have some kind of brand protection strategy. Whether that is a complex risk assessment platform able to measure positive and negative online sentiment, one that tracks online supply chains or simply a solution that monitors for infringing domain name registrations, organisations are better prepared than ever to tackle the complex world of intellectual property infringement. It is also worth adding that many businesses now also uphold a moral responsibility. They ensure that their customers are kept safe from bad actors who divert web traffic, damage reputations, prey on customer goodwill and ultimately profit from the years of investment in a brand.

    In most instances, it is clear who owns the intellectual property and thus which organisation is responsible for enforcing against these bad actors. There are a number of methods of enforcement that a brand holder can take, ranging from issuing takedown requests to the domain name registrar, the hosting provider or even via law enforcement agencies. But what happens if there is no IP owner? Is that really possible? Well, in some circumstances, yes!

    In late September, it was announced that UK-based tour operator Thomas Cook had collapsed having failed to secure funding to continue operations. The world’s oldest travel agent went into liquidation, immediately ceasing operations which led to not only the loss of 9,000 jobs but also left thousands of holiday makers stranded abroad and tens of thousands more left with holiday bookings that were now worthless.

    In the midst of such confusion, those criminals hell-bent on exploiting those in need will come to the fore and it was no surprise to see a spike in domain name registrations, and fake websites featuring the company’s brand name, most of which were designed to profit on the misfortune of others. Many domains were pointed to websites that bore the Thomas Cook branding and used wording that suggested they had been set up by the company itself to help customers make alternative travel plans or claim refunds.

    From a brand protection point of view, Thomas Cook held a large domain name portfolio and also used a digital risk management solution. However, once the company went into liquidation, the agreement it had in place ceased to be valid and whilst its brand protection partner has continued to monitor for infringing and clearly fraudulent domain name registrations, there is no authority to act on them.

    This begs the question as to whether the IP community, including domain name registrars and social media networks, should step into the void and help protect customers who are clearly the target for many of these fraudulent domain name registrations. In theory, this would seem a positive step in the fight against those who wish to profit fraudulently from others’ misfortunes. In reality, it would be almost impossible to implement as there is no one definitive database of all trademarks and other IP, let alone a mechanism for spreading information on organisations that cease to trade. Whilst Thomas Cook is a very high profile name, it is just the tip of the iceberg. In the first quarter of 2019, over 4,000 UK-based businesses went into liquidation or administration. This shows how challenging it would be to create an up-to-date register of applicable companies and brand names.

    High profile collapses are fortunately rare but that shouldn’t stop the collective minds of the IP industry from thinking about what could it do to prevent the continued abuse of a company’s IP after it has ceased to exit. Whilst some media outlets have been quick to also alert the public to the existence of these rogue websites, it needs a sustained effort from all involved to identify and take appropriate action quickly to stop these dangers persisting. It also needs the public to be wary of who they engage with. In this instance, the message has been clear that anyone impacted by the collapse of Thomas Cook should deal only with the Civil Aviation Authority (CAA). But that shouldn’t stop domain name registrars looking at new registrations made in the wake of a similar situation in future and being proactive in preventing further harm.